I have a script where I use the rand function in PHP. Now I read some ghost stories that it's really easy to predict those outcomes. Is this possible from the client side?
The value returned by `rand()` is only a pseudo-random value.
This means that it might be possible to calculate the number if you got access to the machine, but that's still really unlikely to happen. An end user who just sees the output of PHP and has no access to the machine has no possible option of calculating or predicting the next value. The output of multiple `rand()` calls within ONE execution of a PHP script might *technically* be predictable, but this cannot be used anyway, because the user only sees the output of ONE WHOLE execution, having no chance to interact while the PHP script is executing.
This is the procedure used to generate the seed for PHP's `rand()`:
```c
#ifdef PHP_WIN32
#define GENERATE_SEED() (((long) (time(0) * GetCurrentProcessId())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))
#else
#define GENERATE_SEED() (((long) (time(0) * getpid())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))
#endif
```
As of PHP 4.2.0, the random number generator is seeded automatically.
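The seed macro quoted above, written out as a C function with explicit inputs. This is an added example, not part of the original answers or of PHP's source; the function names and sample values are hypothetical, and it assumes a 64-bit `long` and an LCG value in [0, 1). It shows that the LCG term only affects the low 20 bits of the seed, and it bounds how many distinct seeds exist for a given time window and PID range, which is the figure to weigh before relying on `rand()` for anything secret.

```c
#include <stdint.h>
#include <stdio.h>

/* GENERATE_SEED() with its inputs made explicit. Assumptions: long is
 * 64 bits, and lcg stands in for php_combined_lcg(), taken to be in [0, 1). */
static int64_t generate_seed(int64_t now, int64_t pid, double lcg)
{
    return (now * pid) ^ (int64_t)(1000000.0 * lcg);
}

/* The LCG term is below 1,000,000 < 2^20, so the XOR can only alter the
 * low 20 bits; everything above them comes from time(0) * pid alone. */
static int high_bits_fixed_by_time_and_pid(int64_t now, int64_t pid, double lcg)
{
    return (generate_seed(now, pid, lcg) >> 20) == ((now * pid) >> 20);
}

/* Upper bound on distinct seeds when the start time is known to within
 * window_s seconds and the PID is one of pid_count values. */
static uint64_t seed_candidates(uint64_t window_s, uint64_t pid_count)
{
    return window_s * pid_count * 1000000ULL;
}

/* Smallest n with 2^n >= count: the bound expressed in bits. */
static unsigned bound_bits(uint64_t count)
{
    unsigned n = 0;
    while (n < 63 && (1ULL << n) < count)
        n++;
    return n;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    int64_t now = 1700000000, pid = 1234;
    uint64_t c = seed_candidates(1, 32768);

    printf("seed = %lld\n", (long long)generate_seed(now, pid, 0.5));
    printf("high bits fixed by time*pid: %d\n",
           high_bits_fixed_by_time_and_pid(now, pid, 0.999999));
    printf("candidates = %llu (at most %u bits)\n",
           (unsigned long long)c, bound_bits(c));
    return 0;
}
```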